
SynAttack Ransomware Now Using Process Doppelgänging

Ransomware is one of the most heinous kinds of software in the cyber world. It attacks a computer, encrypts its files and demands a ransom in exchange for decrypting them. SynAttack is one such ransomware. Recently, an improved edition of it was spotted online that uses a better method for getting into systems.

According to security researchers, this ransomware now uses the “process doppelgänging” technique, which is essentially a code injection technique. It abuses an NTFS mechanism in Windows to create and hide malicious processes inside the system. This lets the ransomware hide from antivirus software and effectively take over the system.

SynAttack ransomware comes back

The SynAttack ransomware strain was a nightmare during August and September 2017, infecting systems all over the world. Back then, this malware was a simpler threat compared to present-day threats.

That’s because the malware was still in development. A recent report from Kaspersky tells us that the brand-new version is well developed. It now uses a top-class encryption routine, evades detection with process doppelgänging and, above all, has its core tightly protected against reverse engineering.


The spreading method is still not clear. Back when SynAttack emerged and caused a ruckus, the malware strain used badly secured or insecure (open) RDP connections. There has been no major patch-up of the RDP scheme, as no major malware has used this path. It’s safe to assume that the crooks are using the same method to infiltrate systems with the latest SynAttack variant.

Here are the messages you’ll get once SynAttack gets you. The best way to stay protected is to secure your remote desktop connection with a powerful password and use better encryption systems. Moreover, make sure that the remote desktop service is properly turned off, so that it is unavailable on your system for the time being.
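The advice above can be checked on a Windows machine with a short read-only audit. This is an added example, not code from the original article or from Kaspersky; the helper names `Get-RegValue` and `New-Finding` are hypothetical, and the firewall group name assumes an English-language system.

```powershell
# Added example: read-only audit of the local Remote Desktop configuration.
$ts  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$tcp = "$ts\WinStations\RDP-Tcp"

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Return $null instead of throwing when the value is absent.
    (Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue).$Name
}

function New-Finding {
    param([string]$Check, $Value, [bool]$Ok, [string]$Advice)
    [pscustomobject]@{ Check = $Check; Value = $Value; Ok = $Ok; Advice = $Advice }
}

$deny  = Get-RegValue $ts  'fDenyTSConnections'   # 1 = RDP connections refused
$nla   = Get-RegValue $tcp 'UserAuthentication'   # 1 = Network Level Authentication required
$layer = Get-RegValue $tcp 'SecurityLayer'        # 0 = RDP, 1 = negotiate, 2 = TLS
$level = Get-RegValue $tcp 'MinEncryptionLevel'   # 1 = low, 2 = client compatible, 3 = high, 4 = FIPS
$svc   = Get-Service -Name TermService -ErrorAction SilentlyContinue

# Inbound firewall rules that currently let RDP traffic in.
# The display group name is localized; 'Remote Desktop' is an assumption.
$fw = @(Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -ErrorAction SilentlyContinue |
        Where-Object { $_.Enabled -eq 'True' -and $_.Direction -eq 'Inbound' })

$findings = @(
    New-Finding 'RDP connections denied' $deny ($deny -eq 1) `
        'Set fDenyTSConnections to 1 when remote access is not needed'
    New-Finding 'Remote Desktop service' $svc.Status ($svc.Status -ne 'Running') `
        'Stop and disable TermService when remote access is not needed'
    New-Finding 'Inbound RDP firewall rules' $fw.Count ($fw.Count -eq 0) `
        'Disable the rules or restrict them to trusted source addresses'
    New-Finding 'Network Level Authentication' $nla ($nla -eq 1) `
        'Require NLA so users authenticate before a session is created'
    New-Finding 'Security layer' $layer ($layer -eq 2) `
        'Use TLS (2) rather than the legacy RDP security layer'
    New-Finding 'Minimum encryption level' $level ($level -ge 3) `
        'Use High (3) or FIPS (4)'
)

# Rows with Ok = False are the settings to fix first.
$findings | Sort-Object Ok | Format-Table -AutoSize -Wrap
```

The script changes nothing on the system. Password strength cannot be read from these settings and has to be enforced through account policy.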

Robots are now also under threat from ransomware. Learn about robot ransomware – the future threat.
